Cisco IOS Software Industrial Ethernet Switch Device Manager DoS (cisco-sa-ios-invalid-url-dos-Nvxszf6u)

Severity: High. Nessus Plugin ID 270572

Synopsis

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device.

Description

This vulnerability occurs due to improper input validation in the device’s HTTP request handling. An attacker could exploit it by sending a specially crafted URL to the web interface, causing the device to crash and reload. Successful exploitation results in a denial-of-service (DoS) condition, disrupting normal network operations.

See the referenced Cisco bug IDs and the Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwo34150.

See Also

http://www.nessus.org/u?b138c090

http://www.nessus.org/u?acad5d9e

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo34150

Plugin Details

Severity: High

ID: 270572

File Name: cisco-sa-ios-invalid-url-dos-Nvxszf6u-ios.nasl

Version: 1.1

Type: combined

Family: CISCO

Published: 10/15/2025

Updated: 10/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2025-20327

CVSS v3

Risk Factor: High

Base Score: 7.7

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/24/2025

Vulnerability Publication Date: 9/24/2025

Reference Information

CVE: CVE-2025-20327

CWE: 1287

CISCO-SA: cisco-sa-ios-invalid-url-dos-Nvxszf6u

IAVA: 2025-A-0701

CISCO-BUG-ID: CSCwo34150